Coronavirus and its spread across borders is a concern for employers and employees. While employers will be concerned to ensure their business’ continuity and the safety and health of their employees, measures intended to ensure a safe working environment can increase processing of employee personal data. In its latest blogs and articles, the ICO (Information Commissioner’s Office) gives helpful guidance about the processing of personal data during the COVID-19 virus pandemic.
Are public bodies communications direct marketing?
The ICO acknowledges the need for public bodies and health practitioners to be able to communicate directly with people when dealing with the spread of the COVID-19 virus. The Government, the NHS, health professionals and other organisations may send public health messages to people, either by phone, text or email. Such messages are not seen as direct marketing and do not need consent from individuals.
How can you protect your staff against coronavirus?
Employers and organisations have an obligation to protect their staff and in some cases it would be reasonable for them to ask employees and visitors about details that may be considered sensitive, including health conditions, coronavirus symptoms and recent travel. However, employers and organisations should be careful not to ask for any unnecessary information. Employers could ask visitors to consider government advice before they decide to come. And you could advise staff to call 111 if they are experiencing symptoms or have visited particular countries. This approach should minimise the information, including sensitive information, you need to collect. If that’s not enough and you still need to collect specific health data, do not collect more than you need and ensure that there are safeguards in place to protect that information.
Can you tell other employees if a member of your staff has coronavirus?
If an employer learns about an employee becoming ill with coronavirus, it might need to tell the employee’s colleagues due to an obligation to ensure the health and safety of the employees but that does not mean that the name of the affected employee or any other unnecessary information should be disclosed. If we don’t meet our usual standard or response to information right requests, will the ICO take regulatory action against us? As the organisations are diverting their resources to help immediate challenges in connection with the Covid-19 pandemic, it may take longer to process any subject access requests (SAR) or Freedom of Information requests in case of a public body. The ICO understands that resources may be diverted away from the usual compliance and governance work and organisations will not be penalised where they need to prioritise other areas. Statutory timescales, for example for dealing with subject access requests (SAR), cannot be extended but the ICO recognises that there may be understandable delays when making information rights requests during the pandemic.
Can I share information with authorities about specific individuals?
If it is necessary for your organisation to share information with authorities about specific individuals the data protection law won’t stop you from doing so.
If my staff is working from home, what should I do?
With more homeworking think about having security measures in place that you would normally have for homeworking. Data controllers might need to share information quickly or adapt the way they work. Data protection rules will not stop you doing that. Data protection compliance is about being proportionate – if an action feels excessive from the public’s point of view, then it probably is.
Questions? LawBite can help
For more specialist data protection legal advice on your specific situation, our lawyers are always on hand to help, and our low-cost, fixed price means that you will never need to worry about an unexpected bill. Call us today for more information about how we could save you time and money on 020 3808 8314 or submit your enquiry here. The author of this article is Alla Fairborther. Alla Fairbrother is an experienced and effective solicitor with clear business focus and many years of legal expertise supporting businesses of various sizes and industries. Alla has provided legal support to businesses on various areas of law and has broad UK based international experience in all types of legal matters concerning a particular business, with more in-depth experience in commercial / business law, including: Reviewing, drafting and negotiating a broad range of commercial contracts, Confidentiality agreements, NDAs and CDAs, Supply of goods and / or services contracts, Purchase agreements, both direct and indirect, Distributor and dealer agreements, Supply, installation, commissioning and some construction contracts, Franchise agreements, Research, development and student sponsorship agreements.
The supervisory authority for GDPR compliance, the Information Commissioner's Office (ICO), has recently published its decision to fine British Air...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.